* [PATCH 0/4] ext4: Fix overflows in ext4 code
@ 2013-05-29 12:05 Jan Kara
  2013-05-29 12:05 ` [PATCH 1/4] ext4: Fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Jan Kara
                   ` (4 more replies)
  0 siblings, 5 replies; 18+ messages in thread
From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw)
  To: Ted Tso; +Cc: linux-ext4


  Hello,

  while working on my patchset, I stumbled over an overflow bug which
made me do a quick audit of shifts in ext4 code. I've found a couple of
places which use << and which can overflow (usually on 32-bit
architecture only but at least SEEK_HOLE / SEEK_DATA bugs are real even
for 64-bit architectures). Patches in this series fix the issues I've
found. Likely this is also stable material so Ted, you might want to add
stable@vger.kernel.org to CC when merging the patches.

								Honza

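The shift overflows this series audits can be reproduced on any host by using fixed-width types. The program below is an added example, not code from the thread or from ext4: uint32_t stands in for a 32-bit sector_t, ext4_lblk_t or unsigned long, and the block numbers and the 4 KiB block size (bits = 12) are constructed values.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-fix pattern: the shift is evaluated in 32 bits and only the
 * (already truncated) result is widened on assignment. */
static uint64_t off_narrow(uint32_t blk, unsigned bits)
{
	return blk << bits;
}

/* Fixed pattern: widen the operand first, then shift in 64 bits. */
static uint64_t off_wide(uint32_t blk, unsigned bits)
{
	return (uint64_t)blk << bits;
}

/* A cast applied to a parenthesised 32-bit sum widens the sum too late:
 * the addition has already wrapped. */
static uint64_t end_cast_after_add(uint32_t lblk, uint32_t len, unsigned bits)
{
	return (uint64_t)(lblk + len) << bits;
}

/* Casting one operand widens the addition as well as the shift. */
static uint64_t end_cast_before_add(uint32_t lblk, uint32_t len, unsigned bits)
{
	return ((uint64_t)lblk + len) << bits;
}

/* Blocks to 512-byte sectors, multiply-then-divide in 32 bits. */
static uint64_t sectors_old(uint32_t nblocks, unsigned bits)
{
	return (nblocks << bits) >> 9;
}

/* Same conversion with one shift by (bits - 9) in 64 bits.
 * Assumes bits >= 9. */
static uint64_t sectors_new(uint64_t nblocks, unsigned bits)
{
	return nblocks << (bits - 9);
}

/* Audit helper: would v << bits lose high bits in a 32-bit type? */
static int shift_truncates32(uint32_t v, unsigned bits)
{
	return bits != 0 && bits < 32 && (v >> (32 - bits)) != 0;
}

int main(void)
{
	const unsigned bits = 12;          /* constructed: 4 KiB blocks */
	const uint32_t blk = 0x00100000u;  /* constructed: block at 4 GiB */

	printf("narrow offset: %" PRIu64 "\n", off_narrow(blk, bits));
	printf("wide offset:   %" PRIu64 "\n", off_wide(blk, bits));
	printf("cast after add:  %" PRIu64 "\n",
	       end_cast_after_add(0xFFFFFFF0u, 0x20u, bits));
	printf("cast before add: %" PRIu64 "\n",
	       end_cast_before_add(0xFFFFFFF0u, 0x20u, bits));
	printf("sectors old: %" PRIu64 "\n", sectors_old(0x00180000u, bits));
	printf("sectors new: %" PRIu64 "\n", sectors_new(0x00180000u, bits));
	printf("truncates: %d\n", shift_truncates32(blk, bits));
	return 0;
}
```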

* [PATCH 1/4] ext4: Fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()
  2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara
@ 2013-05-29 12:05 ` Jan Kara
  2013-05-29 12:05 ` [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations Jan Kara
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 18+ messages in thread
From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw)
  To: Ted Tso; +Cc: linux-ext4, Jan Kara

On 32-bit archs when sector_t is defined as 32-bit the logic computing
data offset in ext4_inline_data_fiemap(). Fix that by properly typing
the shifted value.

Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/ext4/inline.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index 3e2bf87..33331b4 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -1842,7 +1842,7 @@ int ext4_inline_data_fiemap(struct inode *inode,
 	if (error)
 		goto out;
 
-	physical = iloc.bh->b_blocknr << inode->i_sb->s_blocksize_bits;
+	physical = (__u64)iloc.bh->b_blocknr << inode->i_sb->s_blocksize_bits;
 	physical += (char *)ext4_raw_inode(&iloc) - iloc.bh->b_data;
 	physical += offsetof(struct ext4_inode, i_block);
 	length = i_size_read(inode);
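Review bot: On the added "physical = (__u64)iloc.bh->b_blocknr << ..." line nothing in the code says why the cast is there, and on a build where b_blocknr is already 64-bit it looks redundant and is easy to drop in a later cleanup. A one-line comment (b_blocknr may be 32-bit, widen before shifting) or a small block-to-byte helper would protect it; patch 3/4 fixes the identical expression in ext4_xattr_fiemap(), so a helper would cover both. The changelog's first sentence also has no verb after "the logic computing data offset in ext4_inline_data_fiemap()"; it presumably should say that the computation can overflow.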
-- 
1.8.1.4



* [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations
  2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara
  2013-05-29 12:05 ` [PATCH 1/4] ext4: Fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Jan Kara
@ 2013-05-29 12:05 ` Jan Kara
  2013-05-29 13:51   ` Zheng Liu
  2013-05-29 12:05 ` [PATCH 3/4] ext4: Fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Jan Kara
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 18+ messages in thread
From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw)
  To: Ted Tso; +Cc: linux-ext4, Jan Kara

ext4_lblk_t is just u32 so multiplying it by blocksize can easily
overflow for files larger than 4 GB. Fix that by properly typing the
block offsets before shifting.

Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/ext4/file.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index b1b4d51..b19f0a4 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -312,7 +312,7 @@ static int ext4_find_unwritten_pgoff(struct inode *inode,
 	blkbits = inode->i_sb->s_blocksize_bits;
 	startoff = *offset;
 	lastoff = startoff;
-	endoff = (map->m_lblk + map->m_len) << blkbits;
+	endoff = (loff_t)(map->m_lblk + map->m_len) << blkbits;
 
 	index = startoff >> PAGE_CACHE_SHIFT;
 	end = endoff >> PAGE_CACHE_SHIFT;
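Review bot: In "endoff = (loff_t)(map->m_lblk + map->m_len) << blkbits;" the cast is applied to the parenthesised sum, so the addition itself is still done in the operands' own width. If both are 32-bit (the changelog says ext4_lblk_t is u32), a sum past 2^32 wraps before it is widened and endoff comes out small. Casting one operand instead, "((loff_t)map->m_lblk + map->m_len) << blkbits", widens the addition as well as the shift.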
@@ -457,7 +457,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
 		ret = ext4_map_blocks(NULL, inode, &map, 0);
 		if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) {
 			if (last != start)
-				dataoff = last << blkbits;
+				dataoff = (loff_t)last << blkbits;
 			break;
 		}
 
@@ -468,7 +468,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
 		ext4_es_find_delayed_extent_range(inode, last, last, &es);
 		if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) {
 			if (last != start)
-				dataoff = last << blkbits;
+				dataoff = (loff_t)last << blkbits;
 			break;
 		}
 
@@ -486,7 +486,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
 		}
 
 		last++;
-		dataoff = last << blkbits;
+		dataoff = (loff_t)last << blkbits;
 	} while (last <= end);
 
 	mutex_unlock(&inode->i_mutex);
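Review bot: The "last++" just above the changed line is not covered by the cast: if last is a 32-bit ext4_lblk_t it can wrap to 0 at the top of the range, after which dataoff is computed from 0 and "while (last <= end)" stays true. Please confirm that end can never be the maximum block number here, or bound the loop so the increment cannot wrap.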
@@ -540,7 +540,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
 		ret = ext4_map_blocks(NULL, inode, &map, 0);
 		if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) {
 			last += ret;
-			holeoff = last << blkbits;
+			holeoff = (loff_t)last << blkbits;
 			continue;
 		}
 
@@ -551,7 +551,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
 		ext4_es_find_delayed_extent_range(inode, last, last, &es);
 		if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) {
 			last = es.es_lblk + es.es_len;
-			holeoff = last << blkbits;
+			holeoff = (loff_t)last << blkbits;
 			continue;
 		}
 
@@ -566,7 +566,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
 							      &map, &holeoff);
 			if (!unwritten) {
 				last += ret;
-				holeoff = last << blkbits;
+				holeoff = (loff_t)last << blkbits;
 				continue;
 			}
 		}
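Review bot: "(loff_t)last << blkbits" is now open-coded at six places in ext4_seek_data() and ext4_seek_hole(), and each one is correct only as long as nobody drops the cast. A small static inline that takes the logical block and the block bits and returns loff_t would keep the widening in one place and make the next added call site safe by default.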
-- 
1.8.1.4



* [PATCH 3/4] ext4: Fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
  2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara
  2013-05-29 12:05 ` [PATCH 1/4] ext4: Fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Jan Kara
  2013-05-29 12:05 ` [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations Jan Kara
@ 2013-05-29 12:05 ` Jan Kara
  2013-05-29 12:05 ` [PATCH 4/4] ext4: Fix overflow when counting used blocks on 32-bit architectures Jan Kara
  2013-07-09 14:14 ` [PATCH 0/4] ext4: Fix overflows in ext4 code Eric Sandeen
  4 siblings, 0 replies; 18+ messages in thread
From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw)
  To: Ted Tso; +Cc: linux-ext4, Jan Kara

On 32-bit architectures with 32-bit sector_t computation of data offset
in ext4_xattr_fiemap() can overflow resulting in reporting bogus data
location. Fix the problem by typing block number to proper type before
shifting.

Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/ext4/extents.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index bc0f191..e49da58 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -4659,7 +4659,7 @@ static int ext4_xattr_fiemap(struct inode *inode,
 		error = ext4_get_inode_loc(inode, &iloc);
 		if (error)
 			return error;
-		physical = iloc.bh->b_blocknr << blockbits;
+		physical = (__u64)iloc.bh->b_blocknr << blockbits;
 		offset = EXT4_GOOD_OLD_INODE_SIZE +
 				EXT4_I(inode)->i_extra_isize;
 		physical += offset;
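Review bot: The type of physical is not visible in this hunk, and the new cast on "physical = (__u64)iloc.bh->b_blocknr << blockbits;" only helps if the destination is 64-bit as well; otherwise the assignment and the following "physical += offset;" truncate again. Worth stating in the changelog that physical is a __u64, or widening the context to show its declaration.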
@@ -4667,7 +4667,7 @@ static int ext4_xattr_fiemap(struct inode *inode,
 		flags |= FIEMAP_EXTENT_DATA_INLINE;
 		brelse(iloc.bh);
 	} else { /* external block */
-		physical = EXT4_I(inode)->i_file_acl << blockbits;
+		physical = (__u64)EXT4_I(inode)->i_file_acl << blockbits;
 		length = inode->i_sb->s_blocksize;
 	}
 
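Review bot: The changelog attributes the overflow to a 32-bit sector_t, which explains the b_blocknr change in the first hunk but not "(__u64)EXT4_I(inode)->i_file_acl << blockbits" here. Please say what type i_file_acl has: if it is already 64-bit the cast is a no-op added for consistency and the changelog should say so, and if it is narrower the changelog should name it as a second overflow.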
-- 
1.8.1.4



* [PATCH 4/4] ext4: Fix overflow when counting used blocks on 32-bit architectures
  2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara
                   ` (2 preceding siblings ...)
  2013-05-29 12:05 ` [PATCH 3/4] ext4: Fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Jan Kara
@ 2013-05-29 12:05 ` Jan Kara
  2013-05-31 23:42   ` Theodore Ts'o
  2013-07-09 14:14 ` [PATCH 0/4] ext4: Fix overflows in ext4 code Eric Sandeen
  4 siblings, 1 reply; 18+ messages in thread
From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw)
  To: Ted Tso; +Cc: linux-ext4, Jan Kara

The arithmetics adding delalloc blocks to the number of used blocks in
ext4_getattr() can easily overflow on 32-bit archs as we first multiply
number of blocks by blocksize and then divide back by 512. Make the
arithmetics more clever and also use proper type (unsigned long long
instead of unsigned long).

Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/ext4/inode.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index d6382b8..83d9e69 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4805,7 +4805,7 @@ int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry,
 		 struct kstat *stat)
 {
 	struct inode *inode;
-	unsigned long delalloc_blocks;
+	unsigned long long delalloc_blocks;
 
 	inode = dentry->d_inode;
 	generic_fillattr(inode, stat);
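Review bot: Widening the declaration to "unsigned long long delalloc_blocks" does not widen the expression that is assigned to it. The value comes from EXT4_C2B(EXT4_SB(inode->i_sb), EXT4_I(inode)->i_reserved_data_blocks), visible in the next hunk; if that macro shifts its argument in the argument's own type, the result can already be truncated before it reaches the 64-bit variable. Consider casting the argument, or confirm in the changelog that the macro's arithmetic cannot overflow.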
@@ -4823,7 +4823,7 @@ int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry,
 	delalloc_blocks = EXT4_C2B(EXT4_SB(inode->i_sb),
 				EXT4_I(inode)->i_reserved_data_blocks);
 
-	stat->blocks += (delalloc_blocks << inode->i_sb->s_blocksize_bits)>>9;
+	stat->blocks += delalloc_blocks << (inode->i_sb->s_blocksize_bits-9);
 	return 0;
 }
 
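Review bot: "delalloc_blocks << (inode->i_sb->s_blocksize_bits-9)" assumes s_blocksize_bits is at least 9; a smaller value would make the shift count negative, which is undefined. If the filesystem guarantees that, a short comment stating the assumption would help the next reader. Kernel style also wants spaces around the binary minus: "s_blocksize_bits - 9".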
-- 
1.8.1.4



* Re: [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations
  2013-05-29 12:05 ` [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations Jan Kara
@ 2013-05-29 13:51   ` Zheng Liu
  0 siblings, 0 replies; 18+ messages in thread
From: Zheng Liu @ 2013-05-29 13:51 UTC (permalink / raw)
  To: Jan Kara; +Cc: Ted Tso, linux-ext4

On Wed, May 29, 2013 at 02:05:31PM +0200, Jan Kara wrote:
> ext4_lblk_t is just u32 so multiplying it by blocksize can easily
> overflow for files larger than 4 GB. Fix that by properly typing the
> block offsets before shifting.
> 
> Signed-off-by: Jan Kara <jack@suse.cz>

Ah, it's my fault.  Thanks for fixing this.
Reviewed-by: Zheng Liu <wenqing.lz@taobao.com>

                                                - Zheng

> ---
>  fs/ext4/file.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/fs/ext4/file.c b/fs/ext4/file.c
> index b1b4d51..b19f0a4 100644
> --- a/fs/ext4/file.c
> +++ b/fs/ext4/file.c
> @@ -312,7 +312,7 @@ static int ext4_find_unwritten_pgoff(struct inode *inode,
>  	blkbits = inode->i_sb->s_blocksize_bits;
>  	startoff = *offset;
>  	lastoff = startoff;
> -	endoff = (map->m_lblk + map->m_len) << blkbits;
> +	endoff = (loff_t)(map->m_lblk + map->m_len) << blkbits;
>  
>  	index = startoff >> PAGE_CACHE_SHIFT;
>  	end = endoff >> PAGE_CACHE_SHIFT;
> @@ -457,7 +457,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
>  		ret = ext4_map_blocks(NULL, inode, &map, 0);
>  		if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) {
>  			if (last != start)
> -				dataoff = last << blkbits;
> +				dataoff = (loff_t)last << blkbits;
>  			break;
>  		}
>  
> @@ -468,7 +468,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
>  		ext4_es_find_delayed_extent_range(inode, last, last, &es);
>  		if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) {
>  			if (last != start)
> -				dataoff = last << blkbits;
> +				dataoff = (loff_t)last << blkbits;
>  			break;
>  		}
>  
> @@ -486,7 +486,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
>  		}
>  
>  		last++;
> -		dataoff = last << blkbits;
> +		dataoff = (loff_t)last << blkbits;
>  	} while (last <= end);
>  
>  	mutex_unlock(&inode->i_mutex);
> @@ -540,7 +540,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
>  		ret = ext4_map_blocks(NULL, inode, &map, 0);
>  		if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) {
>  			last += ret;
> -			holeoff = last << blkbits;
> +			holeoff = (loff_t)last << blkbits;
>  			continue;
>  		}
>  
> @@ -551,7 +551,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
>  		ext4_es_find_delayed_extent_range(inode, last, last, &es);
>  		if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) {
>  			last = es.es_lblk + es.es_len;
> -			holeoff = last << blkbits;
> +			holeoff = (loff_t)last << blkbits;
>  			continue;
>  		}
>  
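Review bot: In this hunk "last = es.es_lblk + es.es_len;" is stored back into last before the cast on the next line, so a sum that exceeds 32 bits is already wrapped when "(loff_t)last << blkbits" widens it. The cast fixes the shift but not the addition; if a delayed extent can end at the top of the logical block range, holeoff will be computed from the wrapped value. Doing the addition in loff_t, or checking for the wrap, would close that.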
> @@ -566,7 +566,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
>  							      &map, &holeoff);
>  			if (!unwritten) {
>  				last += ret;
> -				holeoff = last << blkbits;
> +				holeoff = (loff_t)last << blkbits;
>  				continue;
>  			}
>  		}
> -- 
> 1.8.1.4
> 


* Re: [PATCH 4/4] ext4: Fix overflow when counting used blocks on 32-bit architectures
  2013-05-29 12:05 ` [PATCH 4/4] ext4: Fix overflow when counting used blocks on 32-bit architectures Jan Kara
@ 2013-05-31 23:42   ` Theodore Ts'o
  0 siblings, 0 replies; 18+ messages in thread
From: Theodore Ts'o @ 2013-05-31 23:42 UTC (permalink / raw)
  To: Jan Kara; +Cc: linux-ext4

On Wed, May 29, 2013 at 02:05:33PM +0200, Jan Kara wrote:
> The arithmetics adding delalloc blocks to the number of used blocks in
> ext4_getattr() can easily overflow on 32-bit archs as we first multiply
> number of blocks by blocksize and then divide back by 512. Make the
> arithmetics more clever and also use proper type (unsigned long long
> instead of unsigned long).
> 
> Signed-off-by: Jan Kara <jack@suse.cz>

I've applied these four patches to the ext4 tree, thanks!!

     	     	   		       - Ted


* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
  2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara
                   ` (3 preceding siblings ...)
  2013-05-29 12:05 ` [PATCH 4/4] ext4: Fix overflow when counting used blocks on 32-bit architectures Jan Kara
@ 2013-07-09 14:14 ` Eric Sandeen
  2013-07-09 14:38   ` Theodore Ts'o
  4 siblings, 1 reply; 18+ messages in thread
From: Eric Sandeen @ 2013-07-09 14:14 UTC (permalink / raw)
  To: Jan Kara; +Cc: Ted Tso, linux-ext4

On 5/29/13 7:05 AM, Jan Kara wrote:
>   Hello,
> 
>   while working on my patchset, I stumbled over an overflow bug which
> made me do a quick audit of shifts in ext4 code. I've found a couple of
> places which use << and which can overflow (usually on 32-bit
> architecture only but at least SEEK_HOLE / SEEK_DATA bugs are real even
> for 64-bit architectures). Patches in this series fix the issues I've
> found. Likely this is also stable material so Ted, you might want to add
> stable@vger.kernel.org to CC when merging the patches.
> 
> 								Honza

I don't think these did get cc'd to stable.  Was there a reason for that,
or was it an oversight?

-Eric


* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
  2013-07-09 14:14 ` [PATCH 0/4] ext4: Fix overflows in ext4 code Eric Sandeen
@ 2013-07-09 14:38   ` Theodore Ts'o
  2013-07-09 14:39     ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o
                       ` (4 more replies)
  0 siblings, 5 replies; 18+ messages in thread
From: Theodore Ts'o @ 2013-07-09 14:38 UTC (permalink / raw)
  To: Eric Sandeen; +Cc: Jan Kara, linux-ext4, stable

On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
> 
> I don't think these did get cc'd to stable.  Was there a reason for that,
> or was it an oversight?

It was an oversight; my fault, sorry.  I'll send a request to the
stable kernel tree for the following patches:

8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()

	      	       	      	       	  	 - Ted


* [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()
  2013-07-09 14:38   ` Theodore Ts'o
@ 2013-07-09 14:39     ` Theodore Ts'o
  2013-07-09 14:39       ` [PATCH 2/4] ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations Theodore Ts'o
                         ` (2 more replies)
  2013-07-09 15:00     ` [PATCH 0/4] ext4: Fix overflows in ext4 code Eric Sandeen
                       ` (3 subsequent siblings)
  4 siblings, 3 replies; 18+ messages in thread
From: Theodore Ts'o @ 2013-07-09 14:39 UTC (permalink / raw)
  To: stable; +Cc: Ext4 Developers List, Jan Kara, Theodore Ts'o

From: Jan Kara <jack@suse.cz>

On 32-bit archs when sector_t is defined as 32-bit the logic computing
data offset in ext4_inline_data_fiemap(). Fix that by properly typing
the shifted value.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 fs/ext4/inline.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index 3e2bf87..33331b4 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -1842,7 +1842,7 @@ int ext4_inline_data_fiemap(struct inode *inode,
 	if (error)
 		goto out;
 
-	physical = iloc.bh->b_blocknr << inode->i_sb->s_blocksize_bits;
+	physical = (__u64)iloc.bh->b_blocknr << inode->i_sb->s_blocksize_bits;
 	physical += (char *)ext4_raw_inode(&iloc) - iloc.bh->b_data;
 	physical += offsetof(struct ext4_inode, i_block);
 	length = i_size_read(inode);
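Review bot: The diff is identical to the original posting (same "index 3e2bf87..33331b4"), but as a submission to stable the message does not name the upstream commit it corresponds to. The cover reply lists it as eaf3793; putting that ID in the changelog itself lets the stable maintainers match the patch to mainline without having to find the thread.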
-- 
1.7.12.rc0.22.gcdd159b



* [PATCH 2/4] ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
  2013-07-09 14:39     ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o
@ 2013-07-09 14:39       ` Theodore Ts'o
  2013-07-09 14:39       ` [PATCH 3/4] ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Theodore Ts'o
  2013-07-09 14:39       ` [PATCH 4/4] ext4: fix overflow when counting used blocks on 32-bit architectures Theodore Ts'o
  2 siblings, 0 replies; 18+ messages in thread
From: Theodore Ts'o @ 2013-07-09 14:39 UTC (permalink / raw)
  To: stable; +Cc: Ext4 Developers List, Jan Kara, Theodore Ts'o

From: Jan Kara <jack@suse.cz>

ext4_lblk_t is just u32 so multiplying it by blocksize can easily
overflow for files larger than 4 GB. Fix that by properly typing the
block offsets before shifting.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Zheng Liu <wenqing.lz@taobao.com>
---
 fs/ext4/file.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index b1b4d51..b19f0a4 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -312,7 +312,7 @@ static int ext4_find_unwritten_pgoff(struct inode *inode,
 	blkbits = inode->i_sb->s_blocksize_bits;
 	startoff = *offset;
 	lastoff = startoff;
-	endoff = (map->m_lblk + map->m_len) << blkbits;
+	endoff = (loff_t)(map->m_lblk + map->m_len) << blkbits;
 
 	index = startoff >> PAGE_CACHE_SHIFT;
 	end = endoff >> PAGE_CACHE_SHIFT;
@@ -457,7 +457,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
 		ret = ext4_map_blocks(NULL, inode, &map, 0);
 		if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) {
 			if (last != start)
-				dataoff = last << blkbits;
+				dataoff = (loff_t)last << blkbits;
 			break;
 		}
 
@@ -468,7 +468,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
 		ext4_es_find_delayed_extent_range(inode, last, last, &es);
 		if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) {
 			if (last != start)
-				dataoff = last << blkbits;
+				dataoff = (loff_t)last << blkbits;
 			break;
 		}
 
@@ -486,7 +486,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
 		}
 
 		last++;
-		dataoff = last << blkbits;
+		dataoff = (loff_t)last << blkbits;
 	} while (last <= end);
 
 	mutex_unlock(&inode->i_mutex);
@@ -540,7 +540,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
 		ret = ext4_map_blocks(NULL, inode, &map, 0);
 		if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) {
 			last += ret;
-			holeoff = last << blkbits;
+			holeoff = (loff_t)last << blkbits;
 			continue;
 		}
 
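Review bot: "last += ret;" in this hunk adds ret to last in last's own width before the cast on the changed line is applied. The "ret > 0" test guards the sign, but the sum can still wrap if the mapped range reaches the end of a 32-bit block space, and the cast then widens an already wrapped value. Either accumulate in loff_t or state why the mapping can never extend that far.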
@@ -551,7 +551,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
 		ext4_es_find_delayed_extent_range(inode, last, last, &es);
 		if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) {
 			last = es.es_lblk + es.es_len;
-			holeoff = last << blkbits;
+			holeoff = (loff_t)last << blkbits;
 			continue;
 		}
 
@@ -566,7 +566,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
 							      &map, &holeoff);
 			if (!unwritten) {
 				last += ret;
-				holeoff = last << blkbits;
+				holeoff = (loff_t)last << blkbits;
 				continue;
 			}
 		}
-- 
1.7.12.rc0.22.gcdd159b



* [PATCH 3/4] ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
  2013-07-09 14:39     ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o
  2013-07-09 14:39       ` [PATCH 2/4] ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations Theodore Ts'o
@ 2013-07-09 14:39       ` Theodore Ts'o
  2013-07-09 14:39       ` [PATCH 4/4] ext4: fix overflow when counting used blocks on 32-bit architectures Theodore Ts'o
  2 siblings, 0 replies; 18+ messages in thread
From: Theodore Ts'o @ 2013-07-09 14:39 UTC (permalink / raw)
  To: stable; +Cc: Ext4 Developers List, Jan Kara, Theodore Ts'o

From: Jan Kara <jack@suse.cz>

On 32-bit architectures with 32-bit sector_t computation of data offset
in ext4_xattr_fiemap() can overflow resulting in reporting bogus data
location. Fix the problem by typing block number to proper type before
shifting.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 fs/ext4/extents.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 214e68a..299ee9d 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -4679,7 +4679,7 @@ static int ext4_xattr_fiemap(struct inode *inode,
 		error = ext4_get_inode_loc(inode, &iloc);
 		if (error)
 			return error;
-		physical = iloc.bh->b_blocknr << blockbits;
+		physical = (__u64)iloc.bh->b_blocknr << blockbits;
 		offset = EXT4_GOOD_OLD_INODE_SIZE +
 				EXT4_I(inode)->i_extra_isize;
 		physical += offset;
@@ -4687,7 +4687,7 @@ static int ext4_xattr_fiemap(struct inode *inode,
 		flags |= FIEMAP_EXTENT_DATA_INLINE;
 		brelse(iloc.bh);
 	} else { /* external block */
-		physical = EXT4_I(inode)->i_file_acl << blockbits;
+		physical = (__u64)EXT4_I(inode)->i_file_acl << blockbits;
 		length = inode->i_sb->s_blocksize;
 	}
 
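Review bot: This resend was generated against a different base than the original posting ("index 214e68a..299ee9d" with hunks at 4679 and 4687, versus "index bc0f191..e49da58" with hunks at 4659 and 4667), while patches 1/4 and 2/4 in the same resend keep their original index lines. Please state which tree each patch was generated against, since the replies show the stable branches differ in which of the four they can take.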
-- 
1.7.12.rc0.22.gcdd159b


* [PATCH 4/4] ext4: fix overflow when counting used blocks on 32-bit architectures
  2013-07-09 14:39     ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o
  2013-07-09 14:39       ` [PATCH 2/4] ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations Theodore Ts'o
  2013-07-09 14:39       ` [PATCH 3/4] ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Theodore Ts'o
@ 2013-07-09 14:39       ` Theodore Ts'o
  2 siblings, 0 replies; 18+ messages in thread
From: Theodore Ts'o @ 2013-07-09 14:39 UTC (permalink / raw)
  To: stable; +Cc: Ext4 Developers List, Jan Kara, Theodore Ts'o

From: Jan Kara <jack@suse.cz>

The arithmetics adding delalloc blocks to the number of used blocks in
ext4_getattr() can easily overflow on 32-bit archs as we first multiply
number of blocks by blocksize and then divide back by 512. Make the
arithmetics more clever and also use proper type (unsigned long long
instead of unsigned long).

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 fs/ext4/inode.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 0fca5a8..38f03dc 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4702,7 +4702,7 @@ int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry,
 		 struct kstat *stat)
 {
 	struct inode *inode;
-	unsigned long delalloc_blocks;
+	unsigned long long delalloc_blocks;
 
 	inode = dentry->d_inode;
 	generic_fillattr(inode, stat);
@@ -4720,7 +4720,7 @@ int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry,
 	delalloc_blocks = EXT4_C2B(EXT4_SB(inode->i_sb),
 				EXT4_I(inode)->i_reserved_data_blocks);
 
-	stat->blocks += (delalloc_blocks << inode->i_sb->s_blocksize_bits)>>9;
+	stat->blocks += delalloc_blocks << (inode->i_sb->s_blocksize_bits-9);
 	return 0;
 }
 
-- 
1.7.12.rc0.22.gcdd159b



* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
  2013-07-09 14:38   ` Theodore Ts'o
  2013-07-09 14:39     ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o
@ 2013-07-09 15:00     ` Eric Sandeen
  2013-07-10 15:40     ` Luis Henriques
                       ` (2 subsequent siblings)
  4 siblings, 0 replies; 18+ messages in thread
From: Eric Sandeen @ 2013-07-09 15:00 UTC (permalink / raw)
  To: Theodore Ts'o; +Cc: Jan Kara, linux-ext4, stable

On 7/9/13 9:38 AM, Theodore Ts'o wrote:
> On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
>>
>> I don't think these did get cc'd to stable.  Was there a reason for that,
>> or was it an oversight?
> 
> It was an oversight; my fault, sorry.  I'll send a request to the
> stable kernel tree for the following patches:
> 
> 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
> e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()
> 
> 	      	       	      	       	  	 - Ted

Thanks Ted!

-Eric



* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
  2013-07-09 14:38   ` Theodore Ts'o
  2013-07-09 14:39     ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o
  2013-07-09 15:00     ` [PATCH 0/4] ext4: Fix overflows in ext4 code Eric Sandeen
@ 2013-07-10 15:40     ` Luis Henriques
  2013-07-12 13:15     ` Josh Boyer
  2013-07-24  4:46     ` Ben Hutchings
  4 siblings, 0 replies; 18+ messages in thread
From: Luis Henriques @ 2013-07-10 15:40 UTC (permalink / raw)
  To: Theodore Ts'o; +Cc: Eric Sandeen, Jan Kara, linux-ext4, stable

"Theodore Ts'o" <tytso@mit.edu> writes:

> On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
>> 
>> I don't think these did get cc'd to stable.  Was there a reason for that,
>> or was it an oversight?
>
> It was an oversight; my fault, sorry.  I'll send a request to the
> stable kernel tree for the following patches:
>
> 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
> e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()
>
> 	      	       	      	       	  	 - Ted

Thanks Ted.  All of these patches seem to be applicable to the 3.8
kernel.  As for the 3.5 kernel, I'm queuing the first 2 patches only.

Cheers,
-- 
Luis


* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
  2013-07-09 14:38   ` Theodore Ts'o
                       ` (2 preceding siblings ...)
  2013-07-10 15:40     ` Luis Henriques
@ 2013-07-12 13:15     ` Josh Boyer
  2013-07-12 14:50       ` Greg KH
  2013-07-24  4:46     ` Ben Hutchings
  4 siblings, 1 reply; 18+ messages in thread
From: Josh Boyer @ 2013-07-12 13:15 UTC (permalink / raw)
  To: Theodore Ts'o; +Cc: Eric Sandeen, Jan Kara, linux-ext4, stable, Greg KH

On Tue, Jul 9, 2013 at 10:38 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
>>
>> I don't think these did get cc'd to stable.  Was there a reason for that,
>> or was it an oversight?
>
> It was an oversight; my fault, sorry.  I'll send a request to the
> stable kernel tree for the following patches:
>
> 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
> e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()

Greg, are these 4 commits part of the large pile you're sitting on
right now?  Just want to make sure the request wasn't missed, as they
lack the CC to stable.

josh


* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
  2013-07-12 13:15     ` Josh Boyer
@ 2013-07-12 14:50       ` Greg KH
  0 siblings, 0 replies; 18+ messages in thread
From: Greg KH @ 2013-07-12 14:50 UTC (permalink / raw)
  To: Josh Boyer; +Cc: Theodore Ts'o, Eric Sandeen, Jan Kara, linux-ext4, stable

On Fri, Jul 12, 2013 at 09:15:06AM -0400, Josh Boyer wrote:
> On Tue, Jul 9, 2013 at 10:38 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> > On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
> >>
> >> I don't think these did get cc'd to stable.  Was there a reason for that,
> >> or was it an oversight?
> >
> > It was an oversight; my fault, sorry.  I'll send a request to the
> > stable kernel tree for the following patches:
> >
> > 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> > a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
> > e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> > eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()
> 
> Greg, are these 4 commits part of the large pile you're sitting on
> right now?  Just want to make sure the request wasn't missed, as they
> lack the CC to stable.

They are still in my "to-apply" queue, and are not lost.  And I wasn't
counting them in the 170 patches I have to review, make that 174 now :)

thanks,

greg k-h


* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
  2013-07-09 14:38   ` Theodore Ts'o
                       ` (3 preceding siblings ...)
  2013-07-12 13:15     ` Josh Boyer
@ 2013-07-24  4:46     ` Ben Hutchings
  4 siblings, 0 replies; 18+ messages in thread
From: Ben Hutchings @ 2013-07-24  4:46 UTC (permalink / raw)
  To: Theodore Ts'o; +Cc: Eric Sandeen, Jan Kara, linux-ext4, stable

On Tue, 2013-07-09 at 10:38 -0400, Theodore Ts'o wrote:
> On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
> > 
> > I don't think these did get cc'd to stable.  Was there a reason for that,
> > or was it an oversight?
> 
> It was an oversight; my fault, sorry.  I'll send a request to the
> stable kernel tree for the following patches:
> 
> 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs

Both queued up for 3.2, thanks.

> e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()

These are for features that were added after 3.2.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.

